Automated Malware Analysis IOC Report for

Processes

Path

Cmdline

Malicious

/Library/Frameworks/Mono.framework/Versions/4.4.2/bin/mono-sgen32

/Users/bernard/Desktop/Constate

/usr/libexec/xpcproxy

/usr/libexec/nsurlstoraged

/usr/libexec/nsurlstoraged --privileged

/usr/libexec/xpcproxy

/usr/libexec/firmwarecheckers/eficheck/eficheck

/usr/libexec/firmwarecheckers/eficheck/eficheck --integrity-check-daemon

URLs

Name

Malicious

https://www.emidzazi.site/se/cu

54.70.175.13

Details

Name:	https://www.emidzazi.site/se/cu
IP:	54.70.175.13
TargetID:	-1
From Memory:	false
Source:	network

Signature Hits	Behavior Group	Mitre Attack
IP address seen in connection with other malware	Networking
Uses secure TLS version for HTTPS connections	Compliance, Networking

Domains

Name

Malicious

searchlb-3b453017ec33bbb9.elb.us-west-2.amazonaws.com

54.70.175.13

h3.apis.apple.map.fastly.net

151.101.67.6

www.emidzazi.site

unknown

Details

Name:	www.emidzazi.site
TargetID:	-1

Signature Hits	Behavior Group	Mitre Attack
Performs DNS lookups	Networking	Application Layer Protocol Non-Application Layer Protocol
Posts data to webserver	Networking	Application Layer Protocol Non-Application Layer Protocol

IPs

Domain

Country

Malicious

54.70.175.13

searchlb-3b453017ec33bbb9.elb.us-west-2.amazonaws.com

United States

Details

IP:	54.70.175.13
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16509
ASN name:	AMAZON-02US
Private:	false
Domain:	searchlb-3b453017ec33bbb9.elb.us-west-2.amazonaws.com

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.3.6

unknown

United States

96.17.64.247

unknown

United States

Details

IP:	96.17.64.247
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	16625
ASN name:	AKAMAI-ASUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Connects to IPs without corresponding DNS lookups	Networking

151.101.131.6

unknown

United States

Details

IP:	151.101.131.6
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.195.6

unknown

United States

Details

IP:	151.101.195.6
TargetID:	-1
Country:	United States
Countrycode:	USA
ASN number:	54113
ASN name:	FASTLYUS
Private:	false

Signature Hits	Behavior Group	Mitre Attack
Uses secure TLS version for HTTPS connections	Compliance, Networking

151.101.67.6

h3.apis.apple.map.fastly.net

United States

Memdumps

Base Address

Regiontype

Protect

Malicious

1197a9000

page execute read

11982d000

page read and write

119861000

page readonly

119828000

page read and write

10bdc4000

page readonly

Details

Name:	00000619.00000255.9.000000010bdc4000.000000010bdca000.r--.sdmp
TargetID:	255
Dumpstage:	process exit
Protect:	page readonly
Base address:	10bdc4000
Size:	24576

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

10bdb3000

page read and write

10bda0000

page read and write

Details

Name:	00000619.00000255.9.000000010bda0000.000000010bdae000.rw-.sdmp
TargetID:	255
Dumpstage:	process exit
Protect:	page read and write
Base address:	10bda0000
Size:	57344

Signature Hits	Behavior Group	Mitre Attack
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)	Malware Analysis System Evasion	Security Software Discovery

10bdaf000

page readonly

10bd75000

page execute read

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
Constate

Processes

URLs

Domains

IPs

Memdumps

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC ReportConstate

Processes

URLs

Domains

IPs

Memdumps

IOC Report
Constate